You’re running out of time to protect your computer

Hackers are coming: More than 1 million users need to scramble to protect their PCs

By

PriyaAnand

iStock

International law enforcement authorities over the weekend took control of two hacker networks that have infected more than a million computers worldwide to steal banking information and lock devices until users pay a ransom, U.S. officials announced last week.

People should run security tests on their computers within the next two weeks, before the masters of the botnets have a chance to regain control, the United Kingdom’s National Crime Agency says. One malware-driven network, called “Gameover Zeus”, lifted banking credentials from as many as 1 million infected Microsoft Windows computers, to steal more than $100 million. The U.S. is home to the highest percentage of Gameover Zeus infections, at 13%, according to Mountain View, Calif.-based security company Symantec.

The second seized network, built using Cryptolocker malware, kidnapped files. Cryptolocker took hold of more than 234,000 computers, about half of which were in the U.S. Its controllers demanded ransom payments from people, making an estimated $27 million in its first two months, according to the Justice Department. (Also see: Data kidnappers hold your files for ransom)

The computer network seizures spanned Canada, France, Germany, Luxembourg, the Netherlands, Ukraine and the United Kingdom, freeing more than 300,000 victim’s computers. The U.S. has charged 30-year-old Russian Evgeniy Bogachev, the alleged administrator of the Gameover Zeus botnet, with a 14-count indictment for conspiracy, computer hacking, wire fraud, bank fraud and money laundering.

“Over the next few days and weeks, our investigators and prosecutors will work with private-sector partners to notify infected victims and provide links to safe and trusted tools that can help them rid themselves of Gameover Zeus and Cryptolocker and then close the vulnerabilities through which their computers were infected,” Assistant Attorney General Leslie R. Caldwell said at a press conference Monday.

Malware that turns computers into bots — or robots that are part of a larger network called a botnet, like Gameover Zeus — can creep into computers in many ways, even when users don’t open the door by clicking on malicious links in spam or downloading funky applications and software. The U.S. Computer Emergency Readiness Team, a unit of the Department of Homeland Security that handles cybercrime, posted a list of antivirus and anti-malware software it recommends people run, in addition to changing passwords.

People should heed the two-week warning issued by the U.K. agency, security experts say. That’s the amount of time they expect it would take criminals to regain control of the networks, says Vikram Thakur of Symantec’s security response team.

Here are some experts’ tips to discern whether your computer is a bot:

The website you’re on isn’t the one you opened

A telltale sign that a computer has been compromised is when the website that pops up isn’t the same one a user attempted to open, says Symantec’s Thakur. Or, beware if you conduct a search using one engine but results appear in a different search engine or are unrelated to the query.

Programs and the Internet are running unusually slowly

Users of infected computers might notice a dramatic difference in how much time it takes to open programs or load websites, says Rami Essaid, CEO of Arlington, Virginia-based Distil Networks. The security company found in a report this year that bad bots doubled their presence last year to account for almost 24% of web traffic in the last quarter of 2013. Still, not every botnet will try to suck up resources from the zombie computers in its network. Botnets that simply look to scrape information — like Gameover Zeus, which lifted financial credentials — may not exhibit this symptom.

Check the activity monitor

What processes is the computer running? Open the task manager, sometimes called an activity monitor, to check what applications are running, particularly when you turn on the computer. Is an unfamiliar application automatically booting up each time the computer turns on? That’s a red flag, Essaid says.

Log into your router to track activity

A zombie computer that’s part of a botnet will run automatically even when a user isn’t working on the machine. Many routers provide usage reports that people can log into in the same way they logged in to set up the system. “If you don’t have anything scheduled to run on your laptop and the laptop is communicating constantly anyway, then that’s a very clear sign that something is automating that laptop,” Essaid says.

Mortgage Rates

Powered by

This advertisement is provided by Bankrate, which compiles rate data from more than 4,800 financial institutions. Bankrate is paid by financial institutions whenever users click on display advertisements or on rate table listings enhanced with features like logos, navigation links, and toll free numbers. Dow Jones receives a share of these revenues when users click on a paid placement.

Intraday Data provided by SIX Financial Information and subject to terms of use.
Historical and current end-of-day data provided by SIX Financial Information.
All quotes are in local exchange time. Real-time last sale data for U.S. stock quotes reflect trades reported through Nasdaq only.
Intraday data delayed at least 15 minutes or per exchange requirements.